NOTE: This page is defunct and archived for historical purposes.

The Skycrane project (tentatively branded Gombot) aims to build a simple, secure, and usable password storage and retrieval system for the web. Currently, the plan is to build simple clients out as browser extensions for Firefox and Google Chrome, a mobile application for iOS, and a REST server to securely store encrypted user data.

The first release of Skycrane will be a very simple tool that intercepts login forms on webpages and grabs the user's username and password. With the user's permission, it stores them securely in a central server and gives the user the option of locally PIN locking their login for a site. When a user returns to a website they have stored data for, login forms will be filled for them, either automatically or after entering a PIN challenge. Additionally, the browser add-on will allow the user to copy their password for a particular site to the clipboard.

The mobile app will allow a user to view all of the sites they have stored logins for, and the corresponding passwords. It will also allow a user to copy a password to their clipboard, so that it can be pasted into the mobile browser of their choice. For this prototype version, the mobile app will only read, and not write to, a user's password database.

Specs

Most of the specifications for Skycrane are stored on the skycrane-wtf etherpad.
More information about the server spec and protocol: skycrane-server-design.

Code

Browser clients: https://github.com/mozilla/skycrane
Server: https://github.com/mozilla/gombot
Form detection: https://github.com/mozilla/skycrane-detector
Mobile app: https://github.com/mozilla/skycrane-ios

More information will be available here after the public alpha launch in December.